From 81a9afd8a2698be934d79e32939d7410351ecf4a Mon Sep 17 00:00:00 2001
From: "@" <@>
Date: Tue, 22 Sep 2020 16:15:18 -0500
Subject: [PATCH] reformat

---
 DefenseEvasion.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/DefenseEvasion.md b/DefenseEvasion.md
index 81047ae..a6b2a0d 100644
--- a/DefenseEvasion.md
+++ b/DefenseEvasion.md
@@ -21,7 +21,7 @@ Atomics: [T1548.002](https://github.com/redcanaryco/atomic-red-team/blob/master/
 
 Detection of UAC bypass through tampering with Shell Open for .ms-settings or .msc file types. Beyond this Atomic test, and to further UAC bypass detection, the below query includes detection for CMSTPLUA COM interface abuse by GUID. See [Security-in-bits](https://www.securityinbits.com/malware-analysis/uac-bypass-analysis-stage-1-ataware-ransomware-part-2/#footnote) for more info about CMSTPLUA COM abuse.
 
-**Noted issues with Sentinel Agent 4.3.2.86 detecting by registry key. All registry key paths were ControlSet001\Service\bam\State\UserSettings\GUID\...**
+*Noted issues with Sentinel Agent 4.3.2.86 detecting by registry key. All registry key paths were ControlSet001\Service\bam\State\UserSettings\GUID\...*
 
 ```
 (SrcProcCmdLine ContainsCIS "ms-settings\shell\open\command" OR SrcProcCmdLine ContainsCIS "mscfile\shell\open\command") OR (TgtProcDisplayName = "COM Surrogate" AND TgtProcCmdLine ContainsCIS "{3E5FC7F9-9A51-4367-9063-A120244FBEC7}")